The fix wordpress malware attack Codex has an outline of what permissions are acceptable. Directory and file permissions can be changed either via an FTP client or within the page from the web host.
The one I recommend, and the approach, is to use one of the password creation and storage plugins available for your browser. Many people like RoboForm, but I think after a free trial period, you need to pay for it. I use the free version of Lastpass, and I recommend it for those who click for more info use Internet Explorer or Firefox. That will generate secure passwords for you; you use one master password to log in.
It's a WordPress plugin. They are drop dead easy to set up, have all the features you need for a job like this, and are relatively cheap, especially when compared to having to employ someone to have this done for you.
All-Rounder safety plug-ins can be thought of as a security checker that was full. They scan and check the entire website and give you information about the weaknesses of the site.
But realize that security is. Don't just be the type that is reactive, take steps to start today, protecting yourself. Don't let Joe the Hacker make your life miserable and turn all in creating come look at this site crashing down in a matter of seconds that you've worked so hard.